kimi-code/packages/server
Haozhe 60dfb68a2d
feat(server): add bearer-token auth and safe host exposure (#1006)
* test(server): add API surface snapshot guardrail

Boot startServer on port 0 and snapshot the documented v1 route table derived from /openapi.json paths, plus the reachability of doc/meta endpoints (/healthz, /openapi.json, /asyncapi.json, /). Gives later auth/--host phases an intentional diff when routes change. M0 makes no production behavior change.

* test(server): add e2e server harness with token support

Add test/helpers/serverHarness.ts: boot() wraps startServer with an isolated lock + home dir and returns a handle (server, address, baseUrl, wsUrl, token, close) plus authedFetch/authedWs that carry Authorization: Bearer <token> (and the kimi-code.bearer.<token> WS subprotocol). serviceOverrides is the generic DI seam later phases use to inject a fixed-token auth service; IAuthTokenService is not referenced yet. closeAll() tears down every booted server and socket. M0 makes no production behavior change; typecheck-only gate.

* feat(server): add privateFiles 0600 atomic write/read utility

* feat(server): add per-start tokenStore

* feat(server): add env-based bcrypt password hash utility

* feat(server): add IAuthTokenService DI seam

* feat(server): add global onRequest auth hook with bypass + redaction

* fix(server): stop reflecting Host header in /asyncapi.json

* feat(server): add WS bearer subprotocol constant and parser

* feat(server): enforce bearer token auth on WS upgrade

* feat(server): add Host header allowlist middleware

* feat(server): add Origin/CORS middleware

* feat(server): wire Host/Origin checks into HTTP and WS

* feat(server): wire token auth, Host/Origin, and WS auth into start.ts

* fix(server): create lock file with 0600 permissions

* fix(server): suppress debug routes on non-loopback binds

* feat(kimi-code): read server token and send Authorization on CLI calls

* feat(kimi-code): inject server token into /web URL fragment

* feat(server): add bindClassify for loopback/lan/public classification

* feat(kimi-code): register --host flag and pass it through the daemon

* feat(server): require password and TLS opt-out on non-loopback binds

* feat(server): rate-limit repeated auth failures on non-loopback binds

* feat(server): disable shutdown and terminals on public binds by default

* feat(server): add security response headers on non-loopback binds

* test(server): cover LAN/public host-exposure hardening end to end

* docs(server): add deployment security and threat-model guide

* changeset: minor kimi-code for server auth and host exposure

* feat(kimi-web): add server bearer-token auth support

* fix: repair CI for server auth and host exposure

- Replace native @node-rs/bcrypt with pure-JS bcryptjs so the ESM CLI
  bundle and the SEA native bundle both build without native-addon
  require issues (node-rs/bcrypt broke the ESM smoke and the SEA
  check-bundle allowlist).
- Remove dead cleanup references (stopSpinner, authLogoBlinkTimer) in
  apps/kimi-web App.vue that failed vue-tsc.
- Fix lint: drop empty spread fallbacks in the e2e auth-header merge,
  void the intentionally-async WS upgrade listener, add missing
  assertions to satisfy jest/expect-expect, and convert a ternary
  statement to if/else.
- Send the bearer token in the snapshot perf/smoke tests so they pass
  under the new global auth hook.
- Refresh the pnpmDeps hash in flake.nix for the updated lockfile.

* feat(server): persist bearer token and add rotate-token command

- persist the server bearer token in <home>/server.token (0600) and reuse it across restarts instead of per-start server-<pid>.token
- add `kimi server rotate-token` to regenerate the token; the token store reloads on mtime/inode change so rotation applies without restart
- print the token and Vite-style Local/Network URLs in the startup banner
- allow non-loopback binds with bearer-token-only auth (password now optional) and update SECURITY.md
- surface daemon boot failures immediately with the exit reason and log tail instead of waiting for the spawn timeout

* feat(server): print full token URLs and re-print links after rotate

- Drop the ready-panel border so token URLs print in full for copying; keep the Kimi sprite beside the title.
- Re-print Local/Network access links after `server rotate-token` (host/port from the lock).
- Extract shared access-URL helpers into access-urls.ts.
- Unify link and token colors between the banner and rotate-token.

* feat(server): dim URL #token= fragment and de-highlight token

- Render the `#token=…` fragment in a dim gray so the host/port stands out in the banner and rotate-token links.
- De-highlight the standalone token; set it off with surrounding whitespace instead of color.
- Add splitTokenFragment helper.

* refactor(cli): polish server ready banner and rotate-token output

- move version onto the ready banner title line; drop the separate
  Ready:/Version: rows and the startup-time metric
- reorder rotate-token output so the new token sits between the
  invalidation note and the access links
- update server CLI tests for the new layout

* feat(server): warn on reuse and refine ready banner

- Warn when `server run` reuses an already-running daemon (its options are not applied) and show the running server's actual URLs.
- Show a `Network: off  use --host 0.0.0.0 to enable` hint on loopback binds.
- Move the version onto the title line and drop the startup-time metric.

* fix(web): relabel auth dialog to token and cover full page

- Relabel the server auth dialog from "password" to "token"; the server accepts the bearer token, with the password only as a fallback.
- Make the auth dialog overlay fully opaque so it covers the whole page instead of revealing the login page underneath.

* fix: resolve CI failures on web auth PR

- Replace chalk.yellow named color with chalk.hex(darkColors.warning)
  in the server reuse notice to satisfy the chalk named color guard.
- Update pnpmDeps hash in flake.nix to match the regenerated
  pnpm-lock.yaml so the Nix build succeeds.
- Retry rmSync in ws-broadcast e2e teardown to ride out EBUSY /
  ENOTEMPTY races while the server flushes files after close().

* test(server): update API surface snapshot for warnings route

The feat/web-auth branch adds GET /api/v1/sessions/{session_id}/warnings
(packages/server/src/routes/sessions.ts), so the API surface guardrail
snapshot needs to record the new documented v1 route.
2026-06-25 17:57:56 +08:00
..
scratch feat(web): introduce Kimi web app and daemon gateway (#625) 2026-06-17 20:53:46 +08:00
src feat(server): add bearer-token auth and safe host exposure (#1006) 2026-06-25 17:57:56 +08:00
test feat(server): add bearer-token auth and safe host exposure (#1006) 2026-06-25 17:57:56 +08:00
AGENTS.md feat(web): introduce Kimi web app and daemon gateway (#625) 2026-06-17 20:53:46 +08:00
CHANGELOG.md ci: release packages (#911) 2026-06-22 21:39:21 +08:00
package.json feat(server): add bearer-token auth and safe host exposure (#1006) 2026-06-25 17:57:56 +08:00
README.md feat(web): introduce Kimi web app and daemon gateway (#625) 2026-06-17 20:53:46 +08:00
SECURITY.md feat(server): add bearer-token auth and safe host exposure (#1006) 2026-06-25 17:57:56 +08:00
tsconfig.json feat(web): introduce Kimi web app and daemon gateway (#625) 2026-06-17 20:53:46 +08:00
tsdown.config.ts feat(web): introduce Kimi web app and daemon gateway (#625) 2026-06-17 20:53:46 +08:00
vitest.config.ts feat(web): introduce Kimi web app and daemon gateway (#625) 2026-06-17 20:53:46 +08:00

@moonshot-ai/server

Local REST + WebSocket server that exposes the Kimi Code SDK over a stable wire protocol. It hosts agent-core sessions and serves them under a single /api/v1 prefix. This package is private — it is not published on its own; it ships inside the kimi CLI (apps/kimi-code) and is launched via kimi server run.

What it does

  • Hosts agent-core sessions, prompts, tools, approvals, questions, and workspaces in process.
  • Exposes them over REST (Fastify) and WebSocket (ws) under /api/v1.
  • Serves the built-in web UI (apps/kimi-web) as static assets when a webAssetsDir is provided.
  • Publishes machine-readable contract docs: /openapi.json, /asyncapi.json.

Running it

# From the repo root — dev server with auto-restart
pnpm dev:server
pnpm dev:server:restart

# Checks
pnpm --filter @moonshot-ai/server typecheck   # tsc --noEmit
pnpm --filter @moonshot-ai/server test        # vitest run
pnpm --filter @moonshot-ai/server build       # tsdown

The public entry point is startServer(opts) in src/start.ts, which returns a RunningServer. In production the CLI command kimi server run (apps/kimi-code/src/cli/sub/server/run.ts) imports and calls it. This package has no dev script of its own — always start it from the repo root or via the CLI.

By default the server listens on 127.0.0.1:58627; e2e clients target it with KIMI_SERVER_URL (default http://127.0.0.1:58627).

Architecture

apps/kimi-code (CLI)            apps/kimi-web (browser)
        │                              │
        └──────────┬───────────────────┘
                   │  REST + WebSocket, /api/v1
        ┌──────────▼───────────┐
        │  @moonshot-ai/server │
        │  Fastify REST        │
        │  ws gateway          │
        │  DI container        │  ← @moonshot-ai/agent-core
        │  agent-core sessions │  ← @moonshot-ai/agent-core
        └──────────────────────┘
  • REST (src/routes/): domain modules aggregated by registerApiV1Routes.ts. Routes are declared with middleware/defineRoute.ts, which bundles Zod validators with the OpenAPI response schema.
  • WebSocket (src/ws/, src/services/gateway/): per-session seq, server_hello / ack / event / resync_required frames, replay and fan-out.
  • DI (src/services/serviceCollection.ts): seeds the container from @moonshot-ai/agent-core (getSingletonServiceDescriptors()) and layers in server-owned gateways plus IApprovalService / IQuestionService implementations.
  • OS service managers (src/svc/): launchd / systemd / schtasks backends for kimi server install/start.

Wire protocol notes

  • Envelope: every REST response is { code, msg, data, request_id } and the HTTP status is effectively always 200 — check code (0 = ok), not the status.
  • :action endpoints: some routes use an :id:action suffix (e.g. /sessions/{id}:undo); the suffix is parsed by routes/action-suffix.ts.
  • Single-instance lock: a running server acquires a lock; a second start on the same home throws ServerLockedError. Tests pass a unique lockPath / port.
  • @moonshot-ai/agent-core — the agent engine the server hosts, including the in-process DI service layer it wires together.
  • @moonshot-ai/protocol — wire types and the AsyncAPI document.
  • @moonshot-ai/node-sdk — typed in-process facade for user code (KimiHarness, Session); prefer it over hand-rolling REST/WS calls.
  • @moonshot-ai/server-e2e — wire-level e2e client and scenarios against a running server.

Development

For conventions, gotchas, and the boot wiring order, see packages/server/AGENTS.md. For the service naming and registration rules, see packages/services/AGENTS.md.